Forum Discussion

elfasso_137228
Oct 08, 2014

BigIP 4200 Active/Standby <> Change Management IP/Hostname

Hi,

I'm running a pair of BigIP 4200 in an Active/Standby configuration. The software version is 11.4.0 HF6. I have a dedicated link for the network failover. I am using the IP of the Failover-Network and the Management IP as Unicast Failover Addresses.

Due to a change in our network design, I have to change the Management-IP/Hostname for both devices.

I tried the change, but I ended up with a lot of problems and the BigIPs in State Active/Active. Luckily, I did a backup of the working configuration and I could make a restore immediately. I performed the following steps:

  • delete the Management IP as a Failover Unicast IP
  • change IP, Subnet, Gateway and Hostname in one step using the GUI on Standby-Unit
  • change IP, Subnet, Gateway and Hostname in one step using the GUI on Active-Unit

What exactly was my problem? Did I destroy my device trust by changing the hostname, or was changing the IP the reason? Is there a chance to change Management IP/Hostname In-Service or do I need a maintenance window?

Thanks in advance. Regards,

Thorsten

 

4 Replies

  • Hi,

    You destroyed device trust by changing the hostname.

    Device identity

    The devices in a BIG-IP® device group use x509 certificates for mutual authentication. Each device in a device group has an x509 certificate installed on it that the device uses to authenticate itself to the other devices in the group.

    Device identity is a set of information that uniquely identifies that device in the device group, for the purpose of authentication. Device identity consists of the x509 certificate, plus this information:


    • Device name
    • Host name
    • Platform serial number
    • Platform MAC address
    • Certificate name
    • Subjects
    • Expiration
    • Certificate serial number
    • Signature status

    To avoid BigIPs in state Active/Active, you can switch StandBy Unit into "Force to Offline" mode.

     

  • Hi Vitaliy,

    thanks for your answer.

    So what would be the steps to perform the change without a maintenance window?


    • set standby device to force offline
    • change IP/Hostname of standby device
    • set up Device trust again (device 1 old IP, device 2 new IP)
    • release offline standby device
    • force standby active device
    • set standby device to force offline
    • change IP/Hostname of standby device
    • set up Device trust again (device 1 new IP, device 2 new IP)
    • release offline standby device
    • force offline active device

    Is this correct? Unfortunately, I have no lab to test this...

     

  • I made the same changes on my devices using the following steps:

    • set standby device to force offline
    • change IP/Hostname of standby device
    • release offline standby device
    • force standby active device (if needed make standby device to active manually)
    • set standby device to force offline
    • change IP/Hostname of standby device
    • set up Device trust (device 1 new IP, device 2 new IP)
    • release offline standby device

    In my network environment I didn't use a maintenance window for these changes; there were no traffic failures. If you have a complex network configuration, it's better to use a maintenance window.

     

  • After you change the IP of the first device (step 2) you have destroyed the device trust. If you release offline (step 3) you have an Active/Active state until you force the other device offline. So, you have a short period where you might have a negative influence on the applications.

    Is this correct?